Use of objdump

Http://www.cooltang.com/box/topic/character/program/nsfocus/051.htm

Mail station: Wuhan Baiyun Huang He station (Wed Jan 12 16:30:30 2000), letter in the station

Title: Use of objdump (redhat6.0 test)

This bastard has been lying on your host for a long time, but you just don't read it,

Maybe you don't want to watch it, but you don't have time to think about it.

It saves you time, faint

Overview:

Objdump is a bit like the tool for fast viewing.

A readable format allows you to learn more about binary files.

Possible additional information. Generally, you only want to use your own program.

This command is meaningless for running programmers.

Programmers who want to learn more about the system should master this tool,

At least you can write shellcode on your own, or look at other people's

The shellcode in the given exploit is something.

Directory:

★Preparations before testing

★The man manual of the RedHat 6.0 objdump command

★Example of an objdump application (to be added)

★Related commands

★Preparations before testing

CP/usr/lib/Libpcap. A/home/SCZ/src

Nm-s Libpcap. A | more

Ar TV Libpcap.

Ar XV Libpcap. A inet. o

Nm-s inet. o

View the display of nm-S by man nm.

★The man manual of the RedHat 6.0 objdump command

Objdump-display binary file information

Objdump

[-A] [-B bfdname |

-- Target = bfdname] [-C] [-- debugging]

[-D] [-D]

[-- Disassemble-Zeroes]

[-EB |-El | -- endian = {big | little}] [-F]

[-H] [-I | -- info]

[-J section | -- Section = section]

[-L] [-M machine] [-- prefix-addresses]

[-R] [-R]

[-S | -- full-Contents] [-S | -- source]

[-- [No-] Show-raw-insn] [-- stabs] [-T]

[-T] [-x]

[-- Start-address = address] [-- stop-address = address]

[-- Adjust-VMA = offset] [-- version] [-- help]

Objfile...

-Archive-headers

-A: displays the member information of the archive, which is similar to that of ar TV.

Objdump-A Libpcap.

Comparison with the ar-TV Libpcap. A display result

Obviously, this option is meaningless.

-Adjust-VMA = offset

When dumping information, first add offset to all

The section addresses. This is useful if the sec-

Tion addresses do not correspond to the symbol

Table, which can happen when putting sections

Particle ses SSEs when using a format which can

Not Represent section addresses, such as A. Out.

-B bfdname

-Target = bfdname

Specify the target format. This is not necessary. objdump can automatically recognize many formats,

For example: objdump-B oasys-M VAX-H Fu. o

Displays the summary of the Fu. O header, explicitly indicating that the file is oasys In the VAX system.

The target file generated by the compiler. Objdump-I will show what can be specified here

Target code format list

-Demangle

-C decodes the underlying symbolic names into user-level names, except for removing all prefixes

In addition to the underline, the C ++ function name is displayed in an understandable way.

-Debugging

Displays debugging information. Attempt to parse the debugging information stored in the file and use the C Language

. Only some types of debugging information are supported.

-Disassemble

-D. disassemble the sections with the instruction machine code.

-Disassemble-all

-D is similar to-D, but disassembles all sections.

-Prefix-Addresses

The complete address of each line is displayed during disassembly. This is an old disassembly format.

The display effect is not ideal, but some of them may be used for comparison.

-Disassemble-Zeroes

Generally, the zero part of the large part will be omitted in the disassembly output. This option will make the zero part be decompiled.

-EB

-El

-Endian = {big | little}

This option will affect the decompiling command.

Little-Endian is what we often say when we were playing assembly under DOS,

This is the case for x86.

-File-headers

-F displays the overall header summary of each object in the objfile.

-Section-headers

-Headers

-H: displays the header summary of each section in the target file.

-Brief help information.

-Info

-I displays the list of architectures and target formats available for-B or-m options.

-Section = Name

-J name only displays the information of the specified section.

-Line-Numbers

-L mark the target code with the file name and line number, and only use it with-D,-D, or-R.

The difference between using-LD and using-D is not great. It is useful in source code-level debugging and requires

Debugging and compilation options such as-G are used during compilation.

-Architecture = Machine

-M Machine

The architecture used to specify the target file for disassembly.

This option is useful for architecture information (such as S-records. You can use the-I option.

List the architectures that can be specified here

-Reloc

-R displays the relocation entry of the file. If it is used with-D or-D, the relocation part is reversed.

The edited format is displayed.

-Dynamic-reloc

-R: displays the dynamic relocation entry of a file, which is only meaningful to the dynamic target file, for example, some

Shared library.

-Full-Contents

-S: displays the complete content of the specified section.

Objdump-Section =. Text-s inet. o | more

-Source

-S decomassembles the source code as much as possible, especially when the-G debugging parameter is specified during compilation,

The effect is obvious. The-D parameter is hidden.

-Show-raw-insn

During disassembly, the machine code corresponding to each assembly instruction is displayed, unless

-Prefix-addresses, which is the default option.

-No-show-raw-insn

During disassembly, the machine code of the Assembly command is not displayed. This is the specified-Prefix-Addresses

Option.

-Stabs

Display the contents of the. Stab,. Stab. index, and

. Stab. excl sections from an elf file. This is only

Useful on systems (such as Solaris 2.0) in which

. Stab debugging symbol-table entries are carried in

An elf section. In most other file formats, debug-

Ging symbol-table entries are interleaved

Linkage symbols, and are visible in the-Syms output.

-Start-address = address

Data is displayed from the specified address. This option affects the output of the-D,-R, and-s options.

-Stop-address = address

Displays data until the specified address. This option affects the output of the-D,-R, and-s options.

-Syms

-T indicates the entry to the symbol table of the file. Similar to the information provided by nm-S

-Dynamic-Syms

-T displays the file's dynamic symbol table entry, which is only meaningful to the dynamic target file, for example, some

Shared library. The information displayed is similar to the information displayed by nm-d |-dynamic.

-Version Version Information

Objdump-version

-All-headers

-X displays all available header information, including the symbol table and relocation entry. -X is equivalent

-A-f-h-r-t is specified at the same time.

Objdump-x inet. o

See nm (1)

★Example of an objdump application (to be added)

/*

G ++-g-wstrict-prototypes-wall-wunused-O objtest. c

*/

# Include

# Include

Int main (INT argc, char * argv [])

{

Execl ("/bin/sh", "/bin/sh", "-I", 0 );

Return 0;

}

G ++-g-wstrict-prototypes-wall-wunused-O objtest. c

Objdump-J. Text-Sl objtest | more

/Main (Search)

08048750:

Main ():

/Home/SCZ/src/objtest. C: 7

*/

# Include

# Include

Int main (INT argc, char * argv [])

{

8048750: 55 pushl % EBP

8048751: 89 E5 movl % ESP, % EBP

/Home/SCZ/src/objtest. C: 8

Execl ("/bin/sh", "/bin/sh", "-I", 0 );

8048753: 6a 00 pushl $0 × 0

8048755: 68 D0 87 04 08 pushl $0x801_d0

804875a: 68 D3 87 04 08 pushl $0x80108d3

804875f: 68 D3 87 04 08 pushl $0x80108d3

8048764: E8 dB Fe FF call 8048644 <_ init + 0 × 40>

8048769: 83 C4 10 addl $0 × 10, % ESP

/Home/SCZ/src/objtest. C: 9

Return 0;

80100006c: 31 C0 xorl % eax, % eax

803666e: EB 04 JMP 8048774

8048770: 31 C0 xorl % eax, % eax

8048772: EB 00 JMP 8048774

/Home/SCZ/src/objtest. C: 10

}

8048774: C9 leave

8048775: C3 RET

8048776: 90 NOP

If it is not clear enough, you can use the following command to help:

Objdump-J. Text-Sl objtest-Prefix-addresses | more

Objdump-J. Text-DL objtest | more

Remove the debug compilation option and re-compile

G ++-O3-O objtest. c

Objdump-J. Text-s objtest | more

08048778:

Main ():

8048778: 55 pushl % EBP

8048779: 89 E5 movl % ESP, % EBP

804877b: 6a 00 pushl $0 × 0

804877d: 68 F0 87 04 08 pushl $0x80108f0

8048782: 68 F3 87 04 08 pushl $0x80108f3

8048787: 68 F3 87 04 08 pushl $0x80108f3

804878c: E8 dB Fe FF call 804866c <_ init + 0 × 40>

8048791: 31 C0 xorl % eax, % eax

8048793: C9 leave

8048794: C3 RET

8048795: 90 NOP

Compared with the binary code after-G compilation, there are many differences.

For how to write shellcode and how to understand the shellcode given by others, please refer to the central China site

"How to write your own shellcode" in the essence of the system security Edition"

★Related commands

Man objcopy

Man nm

Man GDB | DBX | SDB

The Chinese User Manual of GDB is available in BBS vertices of major universities. Check it for yourself. If you

To learn how to use this tool.